<?php

/**
 * Created by PhpStorm.
 * User: Nelson.Nie
 * Date: 2017/3/22
 * Time: 9:42
 */
class MY_Controller extends CI_Controller {
	
    public function __construct() {
        parent::__construct();
        
    }

    private function inject_check($sql_str) {
        return preg_match('/select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/', $sql_str);
    }

    private function showMsg($msg, $url = -1) {

        $tmpCode = "<script>";
        $tmpCode .= "alert('$msg');";
        if ($url == -1) {
            $tmpCode .= "window.history.go(-1);";
        } else {
            $tmpCode .= "window.location.href='$url';";
        }
        $tmpCode .= "</script>";
        exit($tmpCode);

    }

    public function verify_id($id = null,$isNumber=true) {
        $tip = "景德镇陶瓷大学移动互联协会提醒您：\\n\\n";
        if (!$id) {
            $tip .= "缺少参数！";
            $this->showMsg($tip);
        } elseif ($this->inject_check($id)) {
            $tip .= "提交的参数有非法字符！";
            $this->showMsg($tip);
        } elseif ($isNumber&&!is_numeric($id)) {
            $tip .= "参数必须是数字！";
            $this->showMsg($tip);
        }
        $id = intval($id);
        return $id;
    }
}